Github user rhtyd commented on the pull request:

    https://github.com/apache/cloudstack/pull/872#issuecomment-217410505

@jayapalu I've tried the client only one by one, one at a time. To share my environment, I'm on a 192.168.0.0/16 network from where all my clients try to connect to the router IP (192.168.50.12). I've checked and even tried dropping all iptables rules and firewall that may be blocking any connection; tcpdump confirmed that no ports/communication was blocked.

In the daemon/messages log, I get the following logs every time a client connects and then it fails due to timeout; some relevant lines from the log:

    remote host is behind NAT
    no matching CHILD_SA config found
    received retransmit of request with ID 1,, but no response to retransmit

I found that strongswan 5.x is much better at handling NAT traversals, so I tried to upgrade to that version but it still did not work out either. Strongswan 5.x failed with the following kind of logs:

    May 5 22:07:52 r-4-VM charon: 14[IKE] sending NAT-T (RFC 3947) vendor ID
    May 5 22:07:52 r-4-VM charon: 14[ENC] generating ID_PROT response 0 [ SA V V V ]
    May 5 22:07:53 r-4-VM charon: 13[IKE] received retransmit of request with ID 0,, retransmitting response
    May 5 22:07:54 r-4-VM charon: 15[IKE] received retransmit of request with ID 0,, retransmitting response
    May 5 22:07:57 r-4-VM charon: 04[IKE] received retransmit of request with ID 0,, retransmitting response
    May 5 22:08:22 r-4-VM charon: 16[JOB] deleting half open IKE_SA after timeout
    May 5 22:08:22 r-4-VM charon: 16[IKE] IKE_SA (unnamed)[2] state change: CONNECTING => DESTROYING